From 828df76bc872df011179d9d89e06a136647afddd Mon Sep 17 00:00:00 2001 From: Tatevik Date: Wed, 6 May 2026 16:55:49 +0400 Subject: [PATCH 1/2] add SSL connection check option --- public_html/lists/admin/mysqli.inc | 9 +++++++-- public_html/lists/config/config_extended.php | 3 +++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/public_html/lists/admin/mysqli.inc b/public_html/lists/admin/mysqli.inc index 29c900890..07c83d7a7 100644 --- a/public_html/lists/admin/mysqli.inc +++ b/public_html/lists/admin/mysqli.inc @@ -11,7 +11,7 @@ if (!function_exists("mysqli_init")) { function Sql_Connect($host, $user, $password, $database) { - global $database_port, $database_socket, $database_connection_compression, $database_connection_ssl; + global $database_port, $database_socket, $database_connection_compression, $database_connection_ssl, $database_connection_ssl_check; if (!$host || !$user) { header('HTTP/1.0 500 Cannot connect to database'); @@ -20,7 +20,12 @@ function Sql_Connect($host, $user, $password, $database) } $db = mysqli_init(); $compress = empty($database_connection_compression) ? 0 : MYSQLI_CLIENT_COMPRESS; - $secure = empty($database_connection_ssl) ? 0 : MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT; + $secure = 0; + if (!empty($database_connection_ssl)) { + $secure = !empty($database_connection_ssl_check) + ? MYSQLI_CLIENT_SSL + : MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT; + } mysqli_report(MYSQLI_REPORT_OFF); diff --git a/public_html/lists/config/config_extended.php b/public_html/lists/config/config_extended.php index b0ab027c4..53b1e867c 100644 --- a/public_html/lists/config/config_extended.php +++ b/public_html/lists/config/config_extended.php 
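Review bot: In the second mysqli.inc hunk, `$database_connection_ssl_check` is read only inside `if (!empty($database_connection_ssl))`, and the fallback is still `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT`. An install that enables SSL alone therefore keeps an encrypted connection whose server certificate is not validated, which gives no protection against a host impersonating the database server. Nothing in the code marks this as a deliberate default, so I would add a comment above the ternary such as `// Default: encrypt without validating the server certificate; $database_connection_ssl_check switches validation on.` It is also worth deciding whether validation should be the default with an explicit opt-out, because the opt-in form leaves existing installs on the weaker setting. The body of Sql_Connect continues outside the hunk.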
@@ -41,6 +41,9 @@ // force database connection to use SSL $database_connection_ssl = false; +// force to check SSL connection +$database_connection_ssl_check = false; + // if you use multiple installations of phpList you can set this to // something to identify this one. it will be prepended to email report // subjects From a5ef24455434fe17fd7034c034f4d879c0f32589 Mon Sep 17 00:00:00 2001 From: Tatevik Date: Wed, 13 May 2026 14:59:40 +0400 Subject: [PATCH 2/2] Add configuration for ca cert path --- public_html/lists/admin/mysqli.inc | 23 +++++++++++++++----- public_html/lists/config/config_extended.php | 10 ++++++--- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/public_html/lists/admin/mysqli.inc b/public_html/lists/admin/mysqli.inc index 07c83d7a7..6429587c6 100644 --- a/public_html/lists/admin/mysqli.inc +++ b/public_html/lists/admin/mysqli.inc @@ -11,7 +11,8 @@ if (!function_exists("mysqli_init")) { function Sql_Connect($host, $user, $password, $database) { - global $database_port, $database_socket, $database_connection_compression, $database_connection_ssl, $database_connection_ssl_check; + global $database_port, $database_socket, $database_connection_compression; + global $database_connection_ssl, $database_connection_ssl_force, $database_connection_ssl_ca; if (!$host || !$user) { header('HTTP/1.0 500 Cannot connect to database'); 
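Review bot: The new comment `// force to check SSL connection` says neither what is checked nor that the setting depends on another one. Going by the mysqli.inc hunk in this patch, the flag is ignored unless `$database_connection_ssl` is true, and it selects `MYSQLI_CLIENT_SSL` in place of `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT`. I would word it as `// validate the database server's SSL certificate; only used when $database_connection_ssl is true`. The text should also state that leaving it false means the certificate is not validated.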
@@ -22,13 +23,25 @@ function Sql_Connect($host, $user, $password, $database) $compress = empty($database_connection_compression) ? 0 : MYSQLI_CLIENT_COMPRESS; $secure = 0; if (!empty($database_connection_ssl)) { - $secure = !empty($database_connection_ssl_check) - ? MYSQLI_CLIENT_SSL - : MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT; + $secure = MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT; + } + if (!empty($database_connection_ssl_force)) { + $secure = MYSQLI_CLIENT_SSL; } mysqli_report(MYSQLI_REPORT_OFF); + if (!empty($database_connection_ssl_ca)) { + mysqli_ssl_set( + $db, + null, + null, + realpath($database_connection_ssl_ca), + null, + null + ); + } + if (!mysqli_real_connect($db, $host, $user, $password, $database, $database_port, $database_socket, $compress | $secure)) { $errno = mysqli_connect_errno(); @@ -432,5 +445,3 @@ function sql_escape($text) return ''; } } - - diff --git a/public_html/lists/config/config_extended.php b/public_html/lists/config/config_extended.php index 53b1e867c..f453ac888 100644 --- a/public_html/lists/config/config_extended.php +++ b/public_html/lists/config/config_extended.php @@ -38,11 +38,15 @@ // enable database connection compression $database_connection_compression = false; -// force database connection to use SSL +// Use SSL/TLS for the database connection. $database_connection_ssl = false; -// force to check SSL connection -$database_connection_ssl_check = false; +// Set to true if MySQL is configured with require_secure_transport=ON. +$database_connection_ssl_force = false; + +// If the database user requires SSL, set this to the path +// of the CA certificate used to verify the MySQL server certificate. +$database_connection_ssl_ca = '/path/to/ca.pem'; // if you use multiple installations of phpList you can set this to // something to identify this one. it will be prepended to email report
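Review bot: `realpath($database_connection_ssl_ca)` is passed straight to `mysqli_ssl_set()`, and realpath() returns false for a path that does not exist, so a mistyped or missing CA file is never reported and the connection attempt goes ahead without the CA the admin configured. The CA is also independent of the flag chosen above it: with `$database_connection_ssl` true and `$database_connection_ssl_force` false the call still passes `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT`, which is documented as disabling certificate validation, so the CA presumably has no effect in that combination. I would resolve the path first, stop when it is unusable, and select `MYSQLI_CLIENT_SSL` whenever a CA is set, as sketched below. How to stop should follow the missing host/user branch at the top of Sql_Connect, whose body is outside this hunk; the `exit` in the sketch is a stand-in for it.

```php
    // … unchanged: $compress / $secure selection and mysqli_report(MYSQLI_REPORT_OFF) …
    if (!empty($database_connection_ssl_ca)) {
        $caFile = realpath($database_connection_ssl_ca);
        if ($caFile === false || !is_readable($caFile)) {
            // Fail closed: a configured but unusable CA must not fall back to an unverified connection.
            header('HTTP/1.0 500 Cannot connect to database');
            exit;
        }
        mysqli_ssl_set($db, null, null, $caFile, null, null);
        // A CA is only useful when the server certificate is validated.
        $secure = MYSQLI_CLIENT_SSL;
    }
    // … unchanged: mysqli_real_connect() call …
```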
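Review bot: The sample value `$database_connection_ssl_ca = '/path/to/ca.pem';` in the config_extended.php hunk is a non-empty placeholder, so the `!empty($database_connection_ssl_ca)` test in Sql_Connect is true for any install that keeps this line as shipped. `mysqli_ssl_set()` is then called with the result of realpath() on a path that presumably does not exist. The default should be empty, `$database_connection_ssl_ca = '';`, with the example path moved into the comment. The comment on `$database_connection_ssl_force` describes when to set it rather than what it does; in the mysqli.inc hunk it replaces the don't-verify flag with `MYSQLI_CLIENT_SSL`. I would say so directly, e.g. `// Use MYSQLI_CLIENT_SSL so the server certificate is validated (overrides $database_connection_ssl).`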